Package org.keycloak.services.util
Class MtlsHoKTokenUtil.MtlsHoKProtocolMapper
java.lang.Object
org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
org.keycloak.services.util.MtlsHoKTokenUtil.MtlsHoKProtocolMapper
- All Implemented Interfaces:
OIDCAccessTokenMapper,OIDCAccessTokenResponseMapper,OIDCIDTokenMapper,TokenIntrospectionTokenMapper,UserInfoTokenMapper,ProtocolMapper,ConfiguredProvider,Provider,ProviderFactory<ProtocolMapper>
- Enclosing class:
- MtlsHoKTokenUtil
public static class MtlsHoKTokenUtil.MtlsHoKProtocolMapper
extends AbstractOIDCProtocolMapper
implements OIDCAccessTokenMapper, OIDCIDTokenMapper, UserInfoTokenMapper, TokenIntrospectionTokenMapper, OIDCAccessTokenResponseMapper
Protocol mapper that binds access tokens to the client's mTLS certificate
by adding the "cnf" (confirmation) claim with a "x5t#S256" certificate
thumbprint. This ensures sender-constrained tokens for all grant types,
including token exchange.
-
Field Summary
FieldsFields inherited from class org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
TOKEN_MAPPER_CATEGORY -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptiongetId()transformAccessToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx) Methods inherited from class org.keycloak.protocol.oidc.mappers.AbstractOIDCProtocolMapper
close, create, getEffectiveModel, getProtocol, getShouldUseLightweightToken, init, postInit, setClaim, setClaim, setClaim, transformAccessTokenResponse, transformIDToken, transformIntrospectionToken, transformUserInfoTokenMethods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, waitMethods inherited from interface org.keycloak.provider.ConfiguredProvider
getConfigMethods inherited from interface org.keycloak.protocol.oidc.mappers.OIDCAccessTokenResponseMapper
transformAccessTokenResponseMethods inherited from interface org.keycloak.protocol.oidc.mappers.OIDCIDTokenMapper
transformIDTokenMethods inherited from interface org.keycloak.protocol.ProtocolMapper
getPriority, validateConfigMethods inherited from interface org.keycloak.provider.ProviderFactory
dependsOn, getConfigMetadata, orderMethods inherited from interface org.keycloak.protocol.oidc.mappers.TokenIntrospectionTokenMapper
transformIntrospectionTokenMethods inherited from interface org.keycloak.protocol.oidc.mappers.UserInfoTokenMapper
transformUserInfoToken
-
Field Details
-
PROVIDER_ID
- See Also:
-
-
Constructor Details
-
MtlsHoKProtocolMapper
public MtlsHoKProtocolMapper()
-
-
Method Details
-
getId
- Specified by:
getIdin interfaceProviderFactory<ProtocolMapper>
-
getDisplayCategory
- Specified by:
getDisplayCategoryin interfaceProtocolMapper
-
getDisplayType
- Specified by:
getDisplayTypein interfaceProtocolMapper
-
getHelpText
- Specified by:
getHelpTextin interfaceConfiguredProvider
-
getConfigProperties
- Specified by:
getConfigPropertiesin interfaceConfiguredProvider
-
transformAccessToken
public AccessToken transformAccessToken(AccessToken token, ProtocolMapperModel mappingModel, KeycloakSession session, UserSessionModel userSession, ClientSessionContext clientSessionCtx) - Specified by:
transformAccessTokenin interfaceOIDCAccessTokenMapper- Overrides:
transformAccessTokenin classAbstractOIDCProtocolMapper
-